The patent protected architecture of Egress Switch is key to secure data exchange innovation. The basic components are familiar; a client for creating, opening, or managing secure packages, and a server for managing users and their relationships with those packages. However, Egress Switch keeps the secure data separate from the security policy – the settings that users place on a secure package to limit access. By separating these two items, Switch allows policy to be changed at any time, and never needs to handle the sensitive user data during the sharing process.
When Egress Switch protects your information, it uses encryption to make it unreadable to those who don't have the encryption key. Switch uses AES 256-bit encryption, the same security that is trusted by governments around the world. All files are encrypted when they are placed in the secure package so there's no chance of your information being exposed. Encryption keys are provided only to the recipients you authorize. A Switch client will only decrypt your secure package after the recipient has proven who they are, and when all other security restrictions are met.
The Egress Switch server (ESi) keeps track of all the people using the system. Since the sign up process is available to anyone over the Internet, the concept of user management is distributed. This means each user is responsible for their account and login credentials. To share with someone, all you need to know is the recipient's ID, which is their email address. By distributing user management, Egress Switch solves a fundamental problem of traditional rights management products that required the information owner to manage user accounts for any and all recipients. Egress Switch is easy and economical.
Access to secure packages is only allowed for authorized users. This means Egress Switch needs each user to identify themselves using their ID and password. Security best practices require each user to have their own ID, this is recommended for Switch too. Signing into Switch can be automatic by setting Switch to sign in when your computer is started after you have signed into Microsoft Windows. Switch also allows you to create custom security questions to help you remember your password, and a self-help portal for users to change or reset their password at any time.
Built-in security goes beyond the data in the secure package. All communication between the Switch client and server is secured too. Information about authentication, packages, security settings, log information, and access requests flow through this connection. Any of that information might be a starting point to a security break down, so the communication channel is encrypted using SSL. This strong security is the same type used for secure web transactions, for example in online banking or retail purchases over the web.
While Egress Switch is protecting your shared information, the information stored in the network cloud on the Egress server needs to be protected too. ESi stores information about users, packages, security settings, and log information. Access to this information is available to authorized users after they have authenticated with the same credentials they would use on the Switch client. All communication in and out of the server is encrypted using SSL, and all stored information is encrypted. This strong security means there is no possibility of compromise for the site, which translates into strong security for your shared information.
